Bug #36480: Do not make BE usernames available to the public - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Bug #36480

closed

Do not make BE usernames available to the public

Added by Timo about 12 years ago. Updated almost 11 years ago.

Status:

Closed

Priority:

Must have

Assignee:

Category:

Target version:

Start date:

2012-04-23

Due date:

% Done:

Estimated time:

TYPO3 Version:

4.5

PHP Version:

Tags:

Complexity:

Is Regression:

Sprint Focus:

Description

After a user has logged in in the backend, typo3 creates a locallang file with the username.
Such file is created for each backend user. Each file contains the username of the backend user. This is a potential security hole, because you can filter out these usernames.

The username is added at line 425 of the backend.php.

Example:
"refresh_login_title":"Refresh Login to TYPO3 (User: admin)"

Is it possible to change this in general?

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

TYPO3 Core

Custom queries

Bug #36480

Do not make BE usernames available to the public

Updated by Chris topher about 12 years ago

Updated by Helmut Hummel about 12 years ago

Updated by Helmut Hummel about 12 years ago

Updated by Helmut Hummel about 12 years ago

Updated by Timo about 12 years ago

Updated by Alexander Opitz almost 11 years ago